Three Most In-Demand Cybersecurity Jobs

Uploaded on 2017-07-27 in NEWS-Cybersecurity News, JOBS-Careers, FREE TO VIEW

Cybersecurity roles rank among the most difficult to fill in the enterprise, with the talent gap in this field expected to reach 1.8 million jobs by 2022.

This is a major problem, as threats such as ransomware are at an all-time high, according to Stephen Zafarino, senior director of recruiting at Mondo, a US based national staffing agency specialising in niche IT, tech, and digital marketing talent.

"It definitely can be a challenge, demand is extremely high, and supply is very low, so it's a candidate's market," Zafarino said. "Companies see the benefit of making sure they are investing in the right talent from the best places, and are definitely paying a heavy price as a result."

The average salary for a cyber-security engineer is between $110,000 and $160,000, Zafarino said. And skilled candidates are more able to negotiate salary, benefits, and perks such as working remotely than in the past, he added.

Here are the three most in-demand cybersecurity jobs this year, according to Mondo:

1. Penetration testers

Ransomware is on the rise. After the Petya attack, Zafarino said he received "plenty of phone calls about how to achieve higher security, and who can come evaluate it."

Penetration testers are often a good way to do that, as they go into your system and find vulnerabilities. From there, they will either correct the issue, or offer a detailed report of the flaws in the system so a company can bring in cyber-security engineers or analysts to fix them, and make sure no outside source can break in.
 
2. Cyber-security engineers

Cybersecurity engineers often come from a technical background within development, usually with knowledge of Python and Java. "They are able to get behind the code, and take a deep dive in to see what performance issues might occur from vulnerabilities, and what tweaks they can make," Zafarino said. They also make sure employees are up to date on security best practices.

3. CISOs

The chief information security officer (CISO) helms a company's cybersecurity strategies. "With all of these changes happening, it's important for companies to make sure they have the right leadership in place, and bring in people who are experts in the field," Zafarino said.

In the past, a networking engineer or programmer might have handled cybersecurity on the side. Today, companies want an experienced CISO or security director to lead their efforts. "They are able to come in and give the right strategy because they have gone through the gambit and seen what happens," Zafarino said.

"They have worked their way up to the top, and know the needs and how to address issues and the best tech to use. They are true subject matter experts. Clients are making sure they have these people in place so they are getting the right strategy and staying ahead of the curb."

Companies are also looking for leaders who aren't afraid to point out issues and offer solutions to fix them. They also need to be future-minded, and always looking into how they will continuously grow their approach to security and add new functions, be they tools or employees.

Looking to the Future

Zafarino predicted that we will see these same positions in demand going forward into 2018. "We may see a heavier focus on engineering and analysts, and a lot of companies are probably going to be looking for designated leadership with cyber-security," he said. "They'll also be making sure the right infrastructure is in place, as companies are starting to realize that everyone is a potential threat and taking measures as a result."
 
However, with so few available cybersecurity engineers, many companies are taking inexperienced people and training them, Zafarino said.

"For lower-level professionals, companies need to consider if they want to pay a premium for an analyst to get every skillset they're looking for, or if they want to invest in trainings and seminars," Zafarino said. If you chose the latter, it's key to bring in a consultant for a short amount of time to help get the employee up to speed. "In the long term, that person is probably perfect, especially if you don't have the money at hand," he said. "If you do, you absolutely want to go with the more senior resource, and you can bring in lower-level people along the way."

Zafarino said he commonly sees two paths to becoming a cyber-security professional.

In the first, a person comes from a computer science background, and can usually command a higher salary.

In the second, a person comes from a networking or helpdesk background, and works their way up to systems administrator by taking basic security courses. Those tend to hold lower level security analyst positions, as opposed to security engineers, which usually have a computer science background.

If you need to fill a hole immediately, Zafarino recommended hiring a consultant, which may be more readily available and cost effective.

"Since the threats keep coming more frequently, if you're looking to hire somebody, you probably want to do it sooner rather than later," Zafarino said.

Tech Republic:

You Might Also Read:

Want A Career In Cybersecurity?:

Cybersecurity Threats Are Changing Recruitment:

« Trump Tells US Cyber Command To Get More Aggressive
Cybersecurity Is More Difficult Than 2 Years Ago »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Centripetal Networks

Centripetal Networks

Centripetal Networks was founded with one vision - to protect networks from advanced threats by simplifying intelligence-driven security.

ThreatBook

ThreatBook

ThreatBook is dedicated to providing real-time, accurate and actionable threat intelligence to block, detect and prevent attacks.

CyberSheath Services International

CyberSheath Services International

CyberSheath integrates your compliance and threat mitigation efforts and eliminates redundant security practices that don’t improve and in fact might probably weaken your security posture.

Wayra

Wayra

Wayra connects Telefónica and technological disruptors around the world. As their preferred strategic partner, we scale them up to accelerate their business and ours.

Cyphra

Cyphra

Cyphra’s team provide cyber security consulting, technical and managed services expertise and experience to support your organisation.

ClassNK Consulting Service (NKCS)

ClassNK Consulting Service (NKCS)

ClassNK Consulting provides consulting services to the maritime industry with a focus on safety, security and compliance.

Technology Innovation & Startup Centre (TISC)

Technology Innovation & Startup Centre (TISC)

TISC is a startup incubator at the Indian Institute of Technology Jodhpur (IITJ) and we back deep-tech startups.

Conquest Cyber

Conquest Cyber

Conquest Cyber builds adaptive risk management programs where innovation is most needed – within defense, intelligence, federal civilian agencies and the industrial base that supports them.

BriskInfosec Technology & Consulting

BriskInfosec Technology & Consulting

BriskInfosec provides information security services, products and compliance solutions to our customers.

Moss Adams

Moss Adams

Moss Adams is a fully integrated professional services firm dedicated to assisting clients with growing, managing, and protecting prosperity.

rSolutions

rSolutions

rSolutions delivers managed cybersecurity services to clients in many industry sectors including financial services, telecommunications, energy, government and retail.

ActiveFence

ActiveFence

ActiveFence enables Trust & Safety teams to be proactive about online integrity so they can keep their users safe from online harm – across content formats, languages, and abuse areas.

Anchor Technologies Inc (ATI)

Anchor Technologies Inc (ATI)

Anchor provides a full spectrum of cybersecurity services assisting our clients with all aspects of cybersecurity risk planning, identification, management, and monitoring.

CyberSalus

CyberSalus

CyberSalus is a pioneering cyber tech services company dedicated to protecting the digital integrity of healthcare organizations.

SafeAeon

SafeAeon

SafeAeon is a leading Cybersecurity-as-a-Service provider, offering 24x7 premium Managed Security Services with AI-powered and Human-driven 24x7 SOC.

Cyber Brain Academy

Cyber Brain Academy

At Cyber Brain Academy, our mission is to provide high-quality IT certification training for the cyber security workforce.